Great Circle Associates Majordomo-Users
(May 1994) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Can some hostile addresses be parsed?
From: Brent Chapman <brent @ mycroft . GreatCircle . COM>
Date: Tue, 17 May 1994 14:40:21 -0700
To: "John P. Rouillard" <rouilj @ terminus . cs . umb . edu>
Cc: majordomo-users @ greatcircle . com
In-reply-to: Your message of Tue, 17 May 1994 17:27:51 -0400 
"John P. Rouillard" <rouilj@terminus.cs.umb.edu> writes:

# The problem is that there is no great way to handle it. I know of one
# vendor sendmail that will happily try to write to a file of that
# name. Sendmail 8.6 on the otherhand won't attempt to treat it as a
# file since it has an @ in it. I think the best we can do is something
# like:
# 
# 
# 	if there is a / at the front of the address,
# 
# 	split the address on /
# 
# 	does the first component of the address exist, if so bounce
# 		the address. (Anybody who has a subdirectory of / with
# 		an = sign in the name should lose.)
# 
# 	if the first component doesn't exist, accept the address.

Not all of them begin with "/".  I'd suggest adding a flag to make the
whole "Hostile address" check optional (but leave it enabled by
default).


-Brent
--
Brent Chapman         | Great Circle Associates  | Call or email for info about
Brent@GreatCircle.COM | 1057 West Dana Street    | upcoming Internet Security 
+1 415 962 0841       | Mountain View, CA  94041 | Firewalls Tutorial dates
Follow-Ups:
Indexed By Date Previous: Re: Can some hostile addresses be parsed?
From: "John P. Rouillard" <rouilj@terminus.cs.umb.edu>
Next: Re: Can some hostile addresses be parsed?
From: "John P. Rouillard" <rouilj@terminus.cs.umb.edu>
Indexed By Thread Previous: Re: Can some hostile addresses be parsed?
From: "John P. Rouillard" <rouilj@terminus.cs.umb.edu>
Next: Re: Can some hostile addresses be parsed?
From: "John P. Rouillard" <rouilj@terminus.cs.umb.edu>
Google
 
Search Internet Search www.greatcircle.com